Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-33517 Mantis Bug Tracker (MantisBT) is an open source issue tracker. In version 2.28.0, when deleting a Tag (tag_delete.php), improper escaping of its name when displaying the confirmation message allows an... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-29828 DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> page via the input field projectDesc. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-29520 Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0512 Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed b... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30567 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize t... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27674 Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and caus... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-51226 A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HT... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33499 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `view/forbiddenPage.php` and `view/warningPage.php` templates reflect the `$_REQUEST['unlockPassword']` paramete... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-32850 MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-32289 Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS t... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-35667 OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately witho... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30569 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" param... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30570 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_sales.php file via the "limit" parameter. The application fails to sanitize the... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-25854 Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-39315 Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in <head> safel... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-6203 The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via th... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-70797 Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Box[title] and box[url] parameters. | 6.1 | MEDIUM | — | 0 |
| CVE-2025-63238 A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCreat... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2349 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS).This issue affects UI Icons: from 0.0.0 before 1... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-29934 A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33525 Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In version 4.39.15, an attacker may p... | 6.1 | MEDIUM | — | 0 |
| CVE-2017-20239 MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft U... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-31382 The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30556 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The applicatio... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30571 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30557 A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" parameter. The app... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-20104 A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Swit... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-21904 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter fiel... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-4305 The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpr_pending_template' parameter in all versions up to, and including, 1.0.16 d... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33170 Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `SafeBuffer#%` does not propagate the `@h... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-20041 A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected d... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3529 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting (XSS).This issue affects Google Analytics ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-54358 WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. At... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33347 league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-54360 Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft mali... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33933 OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-5896 Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HT... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-54361 Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-54362 Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can cr... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-54363 Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show,... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-54364 Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter end... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-52204 A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27740 Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw out... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-5525 A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trail... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-35572 ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts (SSRF) by supplying a crafted URL in the Referer requ... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-32037 OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attac... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-31997 OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PAT... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-34765 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open() with a ... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-39670 Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0. | 6.0 | MEDIUM | — | 0 |
| CVE-2026-32632 Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI applicati... | 5.9 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.